Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
5b87c927
Verified
Commit
5b87c927
authored
Jan 10, 2020
by
Jan Alexander Steffens (heftig)
Browse files
matrix: Update homeserver config from sample_config.yaml
parent
33e58d56
Changes
3
Hide whitespace changes
Inline
Side-by-side
roles/matrix/files/log_config.yaml
View file @
5b87c927
# Log configuration for Synapse.
#
# This is a YAML file containing a standard Python logging configuration
# dictionary. See [1] for details on the valid settings.
#
# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
version
:
1
formatters
:
fmt
:
format
:
'
%(asctime)s
-
%(name)s
-
%(lineno)d
-
%(levelname)s
-
%(request)s-
%(message)s'
journal_fmt
:
format
:
'
%(name)s:
[%(request)s]
%(message)s'
precise
:
format
:
'
%(asctime)s
-
%(name)s
-
%(lineno)d
-
%(levelname)s
-
%(request)s
-
%(message)s'
journal_fmt
:
format
:
'
%(name)s:
[%(request)s]
%(message)s'
filters
:
context
:
()
:
synapse.logging.context.LoggingContextFilter
request
:
"
"
context
:
()
:
synapse.logging.context.LoggingContextFilter
request
:
"
"
handlers
:
# example output to console
console
:
class
:
logging.StreamHandler
formatter
:
fmt
filters
:
[
context
]
# output to systemd journal
journal
:
class
:
systemd.journal.JournalHandler
formatter
:
journal_fmt
filters
:
[
context
]
SYSLOG_IDENTIFIER
:
synapse
root
:
level
:
INFO
handlers
:
[
journal
]
console
:
class
:
logging.StreamHandler
formatter
:
precise
filters
:
[
context
]
journal
:
class
:
systemd.journal.JournalHandler
formatter
:
journal_fmt
filters
:
[
context
]
SYSLOG_IDENTIFIER
:
synapse
loggers
:
synapse
:
level
:
INFO
synapse.storage.SQL
:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level
:
INFO
# example of enabling debugging for a component:
#
# synapse.federation.transport.server:
# level: DEBUG
root
:
level
:
INFO
handlers
:
[
journal
]
disable_existing_loggers
:
false
roles/matrix/tasks/main.yml
View file @
5b87c927
...
...
@@ -19,7 +19,6 @@
-
/var/lib/synapse
-
/var/lib/synapse/irc-nedb
-
/var/lib/synapse/media_store
-
/var/lib/synapse/uploads
-
name
:
make virtualenv
command
:
python -m venv /var/lib/synapse/venv
...
...
@@ -80,15 +79,23 @@
-
name
:
install homeserver config
template
:
src=homeserver.yaml.j2 dest=/etc/synapse/homeserver.yaml owner=root group=synapse mode=0640
notify
:
-
restart synapse
-
name
:
install log config
copy
:
src=log_config.yaml dest=/etc/synapse/log_config.yaml owner=root group=root mode=0644
notify
:
-
restart synapse
-
name
:
install irc-bridge config
template
:
src=irc-bridge.yaml.j2 dest=/etc/synapse/irc-bridge.yaml owner=root group=synapse mode=0640
notify
:
-
restart matrix-appservice-irc
-
name
:
install irc-bridge registration
template
:
src=appservice-registration-irc.yaml.j2 dest=/etc/synapse/appservice-registration-irc.yaml owner=root group=synapse mode=0640
notify
:
-
restart synapse
-
name
:
install signing key
copy
:
...
...
roles/matrix/templates/homeserver.yaml.j2
View file @
5b87c927
...
...
@@ -44,6 +44,13 @@ public_baseurl: https://{{ matrix_domain }}/
#
#require_auth_for_profile_requests: true
# Uncomment to require a user to share a room with another user in order
# to retrieve their profile information. Only checked on Client-Server
# requests. Profile requests from other servers should be checked by the
# requesting server. Defaults to 'false'.
#
#limit_profile_requests_to_users_who_share_rooms: true
# If set to 'true', removes the need for authentication to access the server's
# public rooms directory through the client API, meaning that anyone can
# query the room directory. Defaults to 'false'.
...
...
@@ -678,10 +685,6 @@ media_store_path: "/var/lib/synapse/media_store"
# config:
# directory: /mnt/some/other/directory
# Directory where in-progress uploads are stored.
#
uploads_path
:
"
/var/lib/synapse/uploads"
# The largest allowed upload size in bytes
#
#max_upload_size: 10M
...
...
@@ -1107,14 +1110,19 @@ form_secret: "{{ vault_matrix_secrets[matrix_server_name].form_secret }}"
signing_key_path
:
"
/etc/synapse/{{
matrix_server_name
}}.signing.key"
# The keys that the server used to sign messages with but won't use
# to sign new messages.
E.g. it has lost its private key
# to sign new messages.
#
#old_signing_keys:
# "ed25519:auto":
# # Base64 encoded public key
# key: "The public part of your old signing key."
# # Millisecond POSIX timestamp when the key expired.
# expired_ts: 123456789123
old_signing_keys
:
# For each key, `key` should be the base64-encoded public key, and
# `expired_ts`should be the time (in milliseconds since the unix epoch) that
# it was last used.
#
# It is possible to build an entry from an old signing.key file using the
# `export_signing_key` script which is provided with synapse.
#
# For example:
#
#"ed25519:id": { key: "base64string", expired_ts: 123456789123 }
# How long key response published by this server is valid for.
# Used to set the valid_until_ts in /key/v2 APIs.
...
...
@@ -1242,33 +1250,58 @@ saml2_config:
#
#config_path: "CONFDIR/sp_conf.py"
#
t
he lifetime of a SAML session. This defines how long a user has to
#
T
he lifetime of a SAML session. This defines how long a user has to
# complete the authentication process, if allow_unsolicited is unset.
# The default is 5 minutes.
#
#saml_session_lifetime: 5m
# The SAML attribute (after mapping via the attribute maps) to use to derive
# the Matrix ID from. 'uid' by default.
#
#mxid_source_attribute: displayName
# The mapping system to use for mapping the saml attribute onto a matrix ID.
# Options include:
# * 'hexencode' (which maps unpermitted characters to '=xx')
# * 'dotreplace' (which replaces unpermitted characters with '.').
# The default is 'hexencode'.
# An external module can be provided here as a custom solution to
# mapping attributes returned from a saml provider onto a matrix user.
#
#mxid_mapping: dotreplace
user_mapping_provider
:
# The custom module's class. Uncomment to use a custom module.
#
#module: mapping_provider.SamlMappingProvider
# In previous versions of synapse, the mapping from SAML attribute to MXID was
# always calculated dynamically rather than stored in a table. For backwards-
# compatibility, we will look for user_ids matching such a pattern before
# creating a new account.
# Custom configuration values for the module. Below options are
# intended for the built-in provider, they should be changed if
# using a custom module. This section will be passed as a Python
# dictionary to the module's `parse_config` method.
#
config
:
# The SAML attribute (after mapping via the attribute maps) to use
# to derive the Matrix ID from. 'uid' by default.
#
# Note: This used to be configured by the
# saml2_config.mxid_source_attribute option. If that is still
# defined, its value will be used instead.
#
#mxid_source_attribute: displayName
# The mapping system to use for mapping the saml attribute onto a
# matrix ID.
#
# Options include:
# * 'hexencode' (which maps unpermitted characters to '=xx')
# * 'dotreplace' (which replaces unpermitted characters with
# '.').
# The default is 'hexencode'.
#
# Note: This used to be configured by the
# saml2_config.mxid_mapping option. If that is still defined, its
# value will be used instead.
#
#mxid_mapping: dotreplace
# In previous versions of synapse, the mapping from SAML attribute to
# MXID was always calculated dynamically rather than stored in a
# table. For backwards- compatibility, we will look for user_ids
# matching such a pattern before creating a new account.
#
# This setting controls the SAML attribute which will be used for this
# backwards-compatibility lookup. Typically it should be 'uid', but if
the
# attribute maps are changed, it may be necessary to change it.
# backwards-compatibility lookup. Typically it should be 'uid', but if
#
the
attribute maps are changed, it may be necessary to change it.
#
# The default is 'uid'.
#
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment